Diebold Memos Disclose Florida 2000 Voting Fraud

Joe Conason's Journal
Why aren't Republicans more disturbed by the threat of computer cheating?

- - - - - - - - - - - -
Oct. 27, 2003 | Newsweek looks into black-box voting

This fall, at every venue I visit to sign books and talk about politics, at least one worried citizen asks whether I believe rogue computer software can steal the next election for the Republicans. Others nod, murmur, and wonder aloud: What can we do about this threat to democracy? Why should we vote or encourage others to vote when the system can be gamed? How do we convince the mainstream media to cover this crucial story?

Web journalists have been probing the real and potential problems of electronic voting most notably on Black Box Voting.org and Black Box Voting.com, the Web sites Bev Harris runs, and in Salon -- but it is true that major media outlets have devoted little attention to the possibility that future elections could be untraceably rigged. Today, Newsweek tech reporter Steven Levy examines that dire prospect in the magazine's Nov. 3 issue. As he explains:

"After you punch the buttons to choose your candidates, you may get a final screen that reflects your choices -- but there's no way to tell that those choices are the ones that ultimately get reported in the final tally. You simply have to trust that the software inside the machine is doing its job ... The best minds in the computer-security world contend that the voting terminals can't be trusted."

And although Levy refers to "conspiracy theories" buzzing around the Internet, he lends some credence to suspicions focused on the Diebold company, whose CEO Walden O'Dell is a partisan Republican and Bush fundraiser who says he is "committed to helping Ohio deliver its electoral votes for the president next year."

Bolstering such concerns are the findings of top computer-security experts such as Avi Rubin of Johns Hopkins and David Dill of Stanford. Rubin, who was given a copy of the Diebold voting computers' source code several months ago, has declared its protections against fraud to be worthless. Dill told Newsweek that the risk of a stolen election is "extremely high."

The sickening irony of this situation is that it developed from congressional efforts to preclude another fiasco like Florida 2000. Now Rep. Rush Holt, D.-N.J., has proposed legislation that would require a separate printed record of every computerized vote so that recounts can be audited with a paper trail. But Rep. Bob Ney, the committee chairman, opposes Holt's Voter Confidence Act. Ney happens to be a Republican from Ohio. But why aren't Republicans -- many of whom fret incessantly about "ballot security" in black and Latino neighborhoods -- more disturbed by the threat of computer cheating?


http://www.blackboxvoting.org/

http://www.blackboxvoting.com/

http://www.msnbc.com/news/985033.asp#BODY

The referenced Salon.com article...
__________
An open invitation to election fraud
Not only is the country's leading touch-screen voting system so badly designed that votes can be easily changed, but its manufacturer is run by a die-hard GOP donor who vowed to deliver his state for Bush next year.

- - - - - - - - - - - -
By Farhad Manjoo

Sept. 23, 2003 | As if the public image of punch-card voting machines had not already been bruised and battered enough, on Sept. 15 the 9th Circuit Court of Appeals went for the K.O. Punch-card voting, a three-judge panel of the court said in its ruling halting the California gubernatorial recall election, is an embarrassment to our high-tech times: "Just as the black and white fava bean voting system of revolutionary times was replaced by paper balloting, and the paper ballot replaced by mechanical lever machine, newer technologies have emerged to replace the punch-card, including optical scanning and touch screen voting."

But according to Bev Harris, a writer who has spent more than a year investigating the shadowy world of the elections equipment industry, the replacement technologies the court cited may be worse -- much worse -- than the zany punch-card systems it finds so abhorrent. Specifically, Harris' research into Diebold, one of the largest providers of the new touch-screen systems, ought to give elections officials pause about mandating an all-electronic vote.

Harris has discovered that Diebold's voting software is so flawed that anyone with access to the system's computer can change the votes without leaving any record. On top of that, she's uncovered internal Diebold memos in which employees seem to suggest that the vulnerabilities are no big deal. The memos appear to be authentic -- Diebold even sent Harris a notice warning her that by posting the documents on the Web, she was infringing upon the company's intellectual property. Diebold did not return several calls for comment.

The problems Harris uncovered are not all that surprising; technologists have been warning of the potential for serious flaws in electronic voting systems -- especially touch-screen systems -- for years. In July, scientists at Johns Hopkins and Rice found that security in Diebold's voting software fell "far below even the most minimal security standards applicable in other contexts." The report prompted Maryland Gov. Robert Ehrlich to order a review of the Diebold systems used in his state. Many of the world's most highly regarded computer scientists have called on voting companies to build touch-screen systems that print a paper ballot -- a "paper trail" -- in order to reduce the risk of electronic tampering.

Activists have also questioned the political affiliations of the leading voting companies. Late last year, Harris found that Sen. Chuck Hagel, a Nebraska Republican, used to run the voting company that provided most of the voting machines in his state. And in August, the Cleveland Plain Dealer reported that Walden O'Dell, the CEO of Diebold, is a major fundraiser for President Bush. In a letter to fellow Republicans, O'Dell said that he was "COMMITTED TO HELPING OHIO DELIVER ITS ELECTORAL VOTES TO THE PRESIDENT NEXT YEAR."

But the problems Harris found in Diebold's system are perhaps the best proof yet that electronic voting systems aren't ready for prime time. Indeed, the vulnerabilities in the software, as well as the internal memos, raise questions about the legitimacy of the California recall election. In its ruling, the 9th Circuit Court put the election on hold until the six counties that currently use punch-card systems -- six counties that comprise 44 percent of the state's voters -- upgrade their systems. On Monday, 11 judges on the 9th Circuit reheard the recall case; they may very well allow the election to go ahead on Oct. 7. If the recall vote is put on hold until March, however, many may wonder whether to trust the results: Four of the six punch-card counties -- including the largest, Los Angeles and San Diego -- have plans to upgrade to Diebold machines by March. (UPDATE: On Tuesday, the appellate court ruled that the recall would go ahead as originally scheduled, on Oct. 7.)

Harris is a literary publicist and author whose investigations into the secret world of voting equipment firms have led some to call her the Erin Brockovich of elections, and who is now writing a book called "Black Box Voting." She spoke to Salon about her findings, by telephone, from her home in Seattle.

- - - - - - - - - - - -


Tell me about the flaw you uncovered in the Diebold system.

Well, we uncovered a few problems in the memos, but the first one that we published specifically supported the flaw that I wrote about in July of 2003. And to my surprise these memos admitted they were aware of the flaw, and it was actually brought to their attention by Ciber labs -- which is a certifier -- in October 2001, and they made a decision not to fix it.

So it was brought to their attention two years ago?

Right.

So what was the flaw?

Specifically the flaw was that you can get at the central vote-counting database through Microsoft Access. They have the security disabled. And when you get in that way, you are able to overwrite the audit log, which is supposed to log the transactions, and this [audit log] is one of the key things they cite as a security measure when they sell the system.

So you can break in and then hide your tracks.

You don't even need to break in. It will open right up and in you go. You can change the votes and you can overwrite the audit trail. It doesn't keep any record of anything in the audit trail when you're in this back door, but let's say you went in the front door and you didn't want to have anything you did there appear anywhere -- you can then go in the backdoor and erase what you did.

Who would have access to this? Are we talking about elections officials?

A couple situations. Obviously anybody who has access to the computer, whether that's the election supervisor, their assistants, the IT people, the janitor -- anybody who has access to the computer can get into it.

Where is this computer -- is there one per county?

Yes, there's one per county.

The other situation would be supposing someone gets in by either hacking the telephone system or by going backwards in through the Internet, because the Internet does connect to these GEMS computers, even though they deny it. A lot of the press watches election results come in on the Web and what they're watching is actually being uploaded directly off the GEMS computer.

These computers in the counties are connected to the Internet, and someone can go through the Internet --

-- and just go into it, correct. It would be as the results are uploading. You see, they make a big point of the fact that there's no Internet connection to the voting machine, but that's sort of parsing the issue. That's true, in the polling places there's no Internet connection, but the voting machines connect into the GEMS machine through modem. And the GEMS machine then connects to the Internet, and that's what the press watches.

And somebody who knows about this can go to each one of those GEMS machines and have access to the vote and change the results?

Yes, as they're coming in.

What led you to believe that there might be this flaw in the first place?

Well I work with about 22 computer programmers who have been looking at this stuff -- I'm not that brilliant. Immediately when they began looking at the GEMS program they began commenting on the fact that it has no -- it's something called referential integrity. And what that means is that there are many different ways that it can become vulnerable to hacking. It has to do with how one part of the database is hooked into the next part.

I got a call from one of our more brilliant computer programmers -- he's got quite a few advanced degrees -- and he called me on a weekend and he said, "I want you to go to your computer." And he walked me through it just like a support tech does -- open this panel, click this, do this, do that. And as I'm doing this it was appalling how easy it was. Once you know the steps, a 10-year-old can rig an election. In fact it's so easy that one of our activists, Jim March in California, put together a "rig-a-vote" CD. He's been going around showing it to elections officials, and now this CD has been making its way to Congress members.

It's shocking. All you do is double-click the icon. You go backwards through the Internet to that county computer, and if you have Microsoft Access on your machine you can walk right into that election database while it's open. It's configured for multiple access at the same time. You can be in there changing things and you can change anything you want.

There's nothing -- no security in this?

No, in fact in the memo, [Ken Clark, an engineer at Diebold] says specifically that they decided not to put a password on it because it was proving useful. They were using the back door to do end runs around the voting program. And he named two places where they were doing this, Gaston County, N.C., and King County, Wash.

Right, in the memo he says, "King county is famous for it. That's why we've never put a password on the file before." What does that mean? Why would the counties find this useful?

I have no idea what they were doing. [But] because you can change anything on the database, they could have been doing anything, whether it was nefarious or just fixing a stupid thing that they had done. The problem is this: You should set up the program so that anything you do is going to be recorded and watched and audited -- it's official. There's nothing you can do that's legitimate by going into a back door that never records anything. If you need to go change some vote total because they came out wrong, that needs to be done publicly and the candidates should be aware of it. You don't do that by going into a back door.

What do officials in these counties say?

Well in Gaston County it was done by a Diebold employee. [In the memo, Clark says this employee, identified only as "Jane," "did some fancy footwork on the .mdb file in Gaston recently."] I would assume that someone would need to contact Diebold. For King County, it doesn't say whether an election official did it or whether [Diebold] did it.

But it is curious wording -- King County is famous for it.

I know! Dave Ross, who has a radio show in Seattle, called King County and asked if they would like to explain it and they said no. [In an interview with Salon on Thursday, Dean Logan, King County's elections director, could not immediately say what the reference to his county in the Diebold memo could mean. Logan, who said he has just been on the job two weeks, said he would check with members of his staff and call back.]

And these counties are still using Diebold systems?

They still are.

Where else are Diebold systems being used?

They're in 37 states. And, by the way, this flaw that we're discussing right now affects optical-scan and touch-screen machines equally. They both come into the GEMS program.

Diebold is actually the fastest-growing voting company in the United States right now. The reason they're the fastest-growing is they tend to sell a whole state at a time. They sold to the state of Georgia, the state of Maryland, the state of Arizona. They're trying to sell the state of Ohio. They also picked very large metro areas.

Georgia used Diebold's touch-screen machines in 2002, right?

Yes.

And Georgia also had some wacky results, right?

They did. They had six upsets. The most famous one is Max Cleland [the Democratic senator and the incumbent]. That's because he was quite far ahead in the polls and an 11-point shift happened overnight and [Republican] Saxby Chambliss won instead. And the other upset that surprised people was Sonny Purdue, who was the first Republican governor elected in 134 years.

Do you think those elections were legitimate elections?

Well, I think that it was an illegal election in that they had no idea what software was on the machines at the time. Georgia was a situation where they had changed the software not once or twice but seven or eight times so it went through so many permutations without even being examined by anyone, and nobody has any idea what the machines did. [Harris says she confirmed these preelection changes to Diebold's software in conversations with Georgia voting officials, but Diebold denies that any changes were made. In February, Joseph Richardson, a spokesman for the company, told Salon: "We have analyzed that situation and have no indication of that happening at all."]

I do find this suspicious -- they have since scrubbed clean the flash memory and gotten rid of the small cards that store the results from each touch-screen machine. They've overwritten it with a whole new thing. What's amazing is you keep paper ballots for 22 months, and they're an awful lot bulkier than these credit card-size memory cards, but for some reason they felt compelled to get rid of them all. They have also overwritten all of the GEMS programs in the counting machines. They've gone through and overwritten everything in the state.

OK, so we should talk about how Diebold responded to your posting these memos.

As soon ... a few days after we posted them they sent us a cease-and-desist letter -- interestingly authenticating the memos and laying claim to them, telling us that they were copyrighted. So they claimed copyright and they told us to take them off the Web.

Right. By claiming copyright they're saying they own them, so that seems to indicate they are authentic memos.

Exactly.

So what's your response to their copyright claim?

Well, I don't believe you can protect intent to break the law by slapping a copyright on it. And the memos that we posted show that the law has been broken. If you can protect intent to break the law, all anybody would need to do is take their bank robbery plans and put a copyright on it, and then say nobody can look at them because they're copyrighted.

Do you really think that their memos show intent to break the law?

Oh yes, yes. The Ken Clark memo is absolutely clear. It says they have been aware of these security flaws for years and they have chosen not to correct it. He says something to the effect of, find out what it will take to make this problem go away. [Referring to a voting equipment certifier, Clark tells a colleague to "find out what it is going to take to make them happy."] He says if you don't mention [a problem] you may "skate through" certification. And talking about doing "end runs" is not a good thing either.

And what's disturbing is the very same thing that these memos are talking about -- overwriting the audit log -- in the presentation in which they sold their machines to the state of Georgia they specifically bring up the audit log and say that no human can change it. This shows they made fraudulent claims, frankly.

There's a thing called a Qui Tam suit which citizens can file if they feel that federal money has been spent based on fraudulent claims. I haven't done it because it gives you a gag order and I refuse to be gagged even for billions of dollars, but these things are wide open for such a thing. If you go and look at the sales documents, they made one claim after the next.

So because the memos show what you say is clear intent to break the law, that's why you don't think that they have a valid copyright claim.

Well, the other issue is an overriding public interest. We are told that we are to depend on these systems in 37 states and yet they are admitting that they are easy to tamper with.

Are you going to respond to them?

Well, these memos are on the Web in so many locations that we took them off and put a link to someone else who put them up. So that fulfills our requirement under the law.

But do you know if it's possible for you to face any --

-- any retaliation? It's certainly possible that they will try retaliation, and if so I will use the full extent of the law available to me for full discovery of everything. And I think that going through discovery will become a very uncomfortable process and perhaps put some people in jail ... Not on our side, by the way.

At this point activists are now taking these memos from various places on the Web into their state attorneys general and asking for an investigation, and since Diebold has now authenticated them it's no longer, "I found this on the Web," it's, "I found this on the Web and Diebold says they wrote them."

When Diebold is put to greater scrutiny, won't the elections officials say, "We won't go with Diebold, but we'll use touch-screen systems from this company or this company?"

Well, I think that won't fly in the long run because the same illness is afflicting all of them, and that is that they are not auditable and secret. The solution is pretty simple and obvious, and that is to get properly auditable machines. A lot of the security stuff goes away -- the most bulletproof system that I know anyone has come up with is one that is a touch screen but then prints a ballot that the voter verifies.

Whatever the software is doing, if you have something with a really bulletproof audit -- the voter verifying the paper, and the computer tally -- if those two things match, you've got a pretty good confidence level.

If Diebold, ES&S and Sequoia want to come up with a nice paper trail, voter-verified paper trail that's a touch screen, I'm supporting them. But right now they're fighting it tooth and nail.

How are they fighting it?

For one thing they had a meeting on Aug. 22 -- the voting machine manufacturers and the Election Center [a nonprofit management division of the National Association of State Election Directors, which handles part of the voting-machine certification process] and a lobbyist. The whole purpose of this meeting was to try to get the public to figure out how to accept machines without a paper trail.

How did you find out about this meeting?

Actually, this is kind of funny. My publisher found out about this. It was a teleconference and he just called in under his own name and nobody asked him where he was from, and he sat in on the whole meeting. [Harris' publisher, David Allen, posted notes on the meeting on his Web site.]

The meeting had quite a few things of concern in it. They were being told that as an industry they had to come up with $200,000 in seven days in order to come up with a P.R. campaign to whitewash their P.R. problem, as they put it.

So apparently they feel they have a problem?

Yeah, they do. And in this particular meeting, one of the things they discuss is, they say, "Now we need to make sure the press never finds out this because we don't want them to know we have a problem." [According to David Allen, Harris Miller, the president of the Information Technology Association of America, said, "We just didn't want a document floating around saying the election industry is in trouble, so they decided to put together a lobbying campaign."]

Was there anything discussed about addressing the problem?

Absolutely, what they want to do is not fix the problem, but they agreed to fix the perception of the problem.

Did they indicate what they thought would be a problem with printing paper ballots?

No. It was a foregone conclusion that we don't want paper.

But they say that they would try to convince the public that having no paper is fine?

Right.

It's rather confusing why they're fighting this ...

Yes, actually I find it a little bit suspicious frankly.

What do you mean by that?

Well -- it just seems like, OK, most of us who've ever run a business before, you know what the public wants. Diebold could have early on become a hero by saying, "You know what, this is a problem, but here's what we're going to do. We're going to make sure that you guys have what you want, we're going to get you this paper ballot." And instead there's this huge amount of money being expended to avoid it. It's such a simple solution -- it's too much fighting over something that's so simple and that is pretty much agreed on by all of the tech experts anyway.

The last thing I wanted to talk to you about is the California recall.

Hey, you Californians. What in Sam Hill are you doing?

Well -- as you know, the other day the 9th Circuit Court ruled that the election should be put on hold because punch-card systems are being used in six counties. Do you have any opinion on that -- on whether it's a good idea to hold off on the election because of the punch-card systems? Isn't it better to have punch cards than touch screens?

Well, here's my opinion on that. First of all I don't understand why you guys are doing this election, but be that as it may. There's a study by MIT and Caltech from 2001, and it found that optical scans lose about 3 percent of the vote, punch cards lose about 4.1 percent, and touch screens lose 5.7 percent. [Harris' numbers are a bit off. The Caltech MIT study, which was one of the most thorough investigations into what went wrong in the 2000 election, analyzed "residual votes" -- "uncounted, unmarked and spoiled ballots" -- caused by different types of voting machines. For the presidential race, 2.5 percent of all votes cast on punch-card machines were residual votes; the rate was slightly lower, 2.3 percent, for touch-screen machines. But in gubernatorial and senatorial races, punch-card machines had a 4.7 percent error rate, while touch-screen machines had an alarming 5.9 percent error. The study's 95-page report is available here.]

If you're going from punch cards to optical-scan ballots, that is an upgrade, but if you're going from punch cards to touch screens, that makes no sense. According to the research, the one system that is currently being sold that is less accurate than a punch card is a touch screen. The court decision doesn't make a lot of sense to me. It sounds to me that, as is so typical with this, you have people who really don't understand the issues and don't understand much about how the computer programs work forming decisions based on a combination of what politicians and vendor P.R. people say.

But one of the problems with optical-scan ballots is that you have to print up a lot of paper -- and, you know, if this election is postponed until March, a lot of the counties are going to have huge bills because they have to print new ballots.

Oh, goodness! I hadn't thought of that. Huge, huge bills, completely wasted.

So isn't that an argument for touch-screen voting?

I think the touch screens, if they had a paper trail so that we could do a proper audit, they would be my choice. The thing is if you speak Chinese, they can print something in Chinese. There would be no reason for all these combinations of ballots that folks have. It's kind of a nightmare which would be solved with the touch screens that can print.

Yes, I imagine that's one of the main selling points for touch-screen machines.

I would think so. It's just that they're not auditable. I'm not opposed to it, and I think it has tremendous advantages, but it just needs to be auditable. That's a deal-breaker -- it has to be auditable. And why I've been so down on Diebold is because they're the poster child for why it has to be auditable.


- - - - - - - - - - - -

 

Yet another article on electronic voting, this one from Salon...
_______________
Psst? Wanna get a look at some vote-counting software?
A computer programmer discovers a widely used computerized voting program on a publicly accessible Internet server.

- - - - - - - - - - - -
By Farhad Manjoo

Oct. 30, 2003 | Software used to count the votes in as many as 16 states has been found available on a publicly accessible Internet server. The files, which appear to reveal technical details about how votes are stored in machines made by Sequoia Voting Systems, have been accessible on the site for at least two years.

A computer programmer, who asked not to be named for fear of legal retaliation from Sequoia, says that he came upon the FTP server holding the files on Friday, when he visited the Web site of Jaguar Computer Systems, a computer consulting firm in Southern California that provides technical services to, among other customers, Riverside County. In the 2000 presidential election, Riverside became the first county in the nation to employ touch-screen machines in its precincts. Its machines are made by Sequoia.

Jaguar's site advertises its FTP server as a service to help clients who want to download files from the firm: "Our FTP site is ftp.jaguar.net," it says. "We support 'anonymous' logins and our '/PUB' directory is stuffed with many of the files that we use." When the activist logged in to this FTP site, he spotted a file called WinEDS200.zip -- a 44-megabyte file that turned out to be the installation program for software that tallies the votes in Sequoia's voting software.

When contacted for comment, Alfie Charles, a spokesman for Sequoia Voting Systems, was surprised to hear that the file was available on a public site. Later, Charles e-mailed Salon a statement denying responsibility for the security breach, but asserting that the availability of the code did not compromise the integrity of Sequoia's systems.

"Sequoia has not made this information publicly available or accessible and we are disturbed that it has been accessed in this inappropriate manner," reads the statement.

"A limited amount of proprietary code that is the property of Sequoia Voting Systems was posted on the ftp site of a consulting company hired by one of our customers ... While this breach of security is grossly negligent on the part of the county's contractor, the code that was retrieved is used to accumulate unofficial results on election night and does not compromise the integrity of the official electronic ballots themselves."

The statement then details several levels of security that ensure the voting software's integrity.

"While we are extremely disappointed that an important company asset has been made available to an unauthorized party, the existing policies and procedures for the conduct of elections ensure that there is no single point of failure and prevent the public exposure of that code from jeopardizing the integrity of any ballots or elections."

George Hoanzl, the vice president of marketing for Jaguar Computers, was similarly shocked by the situation. "A WinEDS file?" he asked. "It does not exist."

But when told that Salon had successfully downloaded the file, Hoanzl, too, said he'd look into the situation and then phone back. After about 10 minutes, he called back to say that he could not determine how the file ended up on his public FTP site, which allows anyone in the world to upload and download files to the server. It was at least 2 years old, he said, and he'd never been alerted to it before. But after being told about the file, Jaguar shut down public access to its FTP server.

It's unclear what, if any, vulnerabilities in the Sequoia system are posed by the public availability of the vote-counting software. Computer scientists who are familiar with voting-machine software declined to comment, explaining that they needed time to look over what was in the files.

The files install a full working version of the vote-counting system on a user's machine. Because the program does not include source code, the system's innards are not completely laid bare for public review -- which is what happened to Diebold when Bev Harris, an author who's investigated problems with touch-screen voting machines, discovered that company's code on a public FTP site earlier this year. In July, the source code she found was reviewed by scientists at Johns Hopkins and Rice universities, who found that security in Diebold's voting software fell "far below even the most minimal security standards applicable in other contexts."

But even without the source code, the Sequoia files will still provide some insight into the inner workings of the Sequoia system. The system is coded in Powerbuilder, a programming system used to quickly develop database applications; even though the Powerbuilder files have already been compiled into machine language, the code in these files that is used to send instructions to the voting database is still readable to humans. This database code -- written in the SQL language -- could possibly instruct critics of touch-screen systems (or, for that matter, anyone, even people without very noble intentions) on how to manipulate a Sequoia voting database.

The package also included many SQL files that seem to have been used to set up voting templates for several elections Sequoia has run. There's a file for Arapahoe County, Colo.; one for Burlington County, N.J.; another for Lake County, Ohio -- and about a dozen others. The files all seem to do the same thing -- create an empty database (one whose default password is set to "password") that the vote-counting software will fill up on Election Day.

The computer programmer who found the files suggested that if someone wanted to fake an election, the SQL templates could provide clues regarding the kind of database to set up. So, for example, if you want to set up a fake race for Your County, USA, all you might have to do is run these SQL commands to create a fake data set for Your County. But there's no evidence that any such thing has happened, so far.

 

Good lord, rimrocker... that was a long read, but it scared the living hell out of me. After reading that (the Bev Harris interview), anyone who's using the Diebold touch voting system is either crazy, uninformed or corrupt.

It sounds like the Georgia elections in 2002 may very well have been corrupt. There needs to be a huge investigation of Diebold and, at the very least, the Georgia elections ASAP.

This is astounding.

 

Another Salon article today... Are we reaching critical mass?
_______________
Groups question voting machines' accuracy

- - - - - - - - - - - -
Robert Tanner


Oct. 31, 2003 | Doubts about the trustworthiness of electronic voting machines are growing among election officials and computer scientists, complicating efforts to safeguard elections after the presidential stalemate of 2000.

With just over a year to go before the next presidential race, touchscreen voting machines don't seem like the cure-all some thought they would be. Skeptics fear they'll only produce more problems, from making recounts less reliable to giving computer hackers a chance to sabotage results.

"I'm deeply concerned about this whole idea of election integrity," said Warren Slocum, chief election officer in California's San Mateo County. His doubts were so grave that he delayed purchasing new voting machines and is sticking with the old ones for now.

He's not alone. While the Florida recount created momentum for revamping the way Americans vote, slow progress on funding and federal oversight means few people will see changes when they cast ballots next week. And new doubts could further slow things.

In Florida's Broward County -- scene of a Bush-Gore recount of punch-card ballots -- officials spent $17.2 million on new touchscreen equipment. Lately, they've expressed doubts about the machines' accuracy, and have discussed purchasing an older technology for 1,000 more machines they need.

The concerns focus on:

--Voter confidence: Since most touchscreen machines don't create a separate paper receipt, or ballot, voters can't be sure the machine accurately recorded their choice.

--Recounts: Without a separate receipt, election officials can't conduct a reliable recount but can only return to the computer's tally.

--Election fraud: Some worry the touchscreen machines aren't secure enough and allow hackers to potentially get in and manipulate results.

"The computer science community has pretty much rallied against electronic voting," said Stephen Ansolabahere, a voting expert at the Massachusetts Institute of Technology. "A disproportionate number of computer scientists who have weighed in on this issue are opposed to it."

Other doubters say the solution would be "voter verifiable paper trails" -- a paper receipt that voters can see to be confident of their choice, that can then be securely stored, and that election officials can rely on for recounts.

Federal election-reform legislation passed in 2002 aims to upgrade voting systems that rely on punch-card ballots or lever machines, and to improve voter registration, voter education and poll worker training.

States upgrading their equipment are looking at two systems: electronic machines, with voters making their choice by touchscreens similar to ATMs; and older optical scan machines, with voters using pen and paper to darken ovals, similar to standardized tests.

Still, North Dakota changed its plan to give officials the flexibility to go with touchscreens or optical scan machines. And the National Association of Secretaries of State held off from embracing touchscreens at its summer meeting, pending further studies.

"This is too important to just sort of slam through," said William Gardner, New Hampshire's secretary of state. In Congress, Rep. Rush Holt, D-N.J., has introduced a bill that would require that all voting machines create a paper trail.

Computer manufacturers and many election officials say the critics are mistaken. They insist that security is solid and machines records are examinable. They also say the sought-after improvements will create other problems, such as malfunctioning machines and violating the integrity of a voters' privacy.

Slocum figures that only about a half-dozen of California's county election commissioners share his concerns.

The complaints echo those that came up when lever machines were introduced in the 1920s, and again when punch cards came on the scene, said Doug Lewis, an expert at The Election Center in Houston, Texas.

``We were going to find that elections were manipulated wildly and regularly. Yet there was never any proof that that happened anywhere in America,'' Lewis said.

David Bear, a spokesman for Diebold Election Systems Inc., one of the larger voting machine makers, said "the fact of the matter is, there's empirical data to show that not only is electronic voting secure and accurate, but voters embrace it and enjoy the experience of voting that way."

This week, a federal appeals court in California threw out a lawsuit that challenged computerized voting without paper trails, finding that no voting system can eliminate all electoral fraud.

That didn't satisfy doubters.

John Rodstrom Jr., a Broward County (Fla.) commissioner said local officials there wanted to upgrade to optical scan machines, but were pressured into buying more than 5,000 touchscreens.

"We were forced by the Legislature to be a trailblazer," he said. "The vendors ... they're going to tell you it's perfect and wonderful. (But) there are a lot of issues out there that haven't been answered. It's a scary thing."

 

Read "The Best Democracy Money Can Buy," Greg Palast (this is all true) recounts how Jeb and K Harris illegally purged between 60,000 and 100,000 voters, half of them black, 90% of them low income.

Remember George's "cat-who-ate-the-canary" grin on election night when they asked him about Florida? That "we might have a surprise" response he gave (I forget the wording)?

Grotesque voter fraud is not a "yawn."

But the military contractors and corporations have been happy these past 3 years.

 

I'm not saying I buy what your arguing, but that scene has always stuck out in my mind.

 

More...

I cannot fathom why this doesn't merit Republican involvement. This is a basic question of democracy and is about as non-partisan as anything I can imagine Congress taking action on. That is, unless there really is a conspiracy going on... cue ominous music...
___________
Jury still out on e-voting
Touted as an antidote to the hanging chad, e-voting solution not proven, experts say
BY MICHAEL HARDY
Nov. 10, 2003

Sidebar: E-voting critiques

Web extra: Bias in the voting box?

Risk assessment report from SAIC

"Stanford professor slams e-voting" [Government E-Business, July 25, 2003]

Three years after the Florida election results debacle, electronic voting machines remain largely untested and controversial.

Legislation that could add voter-verified paper ballots to controversial touch-screen electronic voting machines remains stalled in a House committee, despite 61 cosponsors.

More and more election authorities are buying the machines, which are made by several companies. They are spurred by the Help America Vote Act of 2002 (HAVA). The law provides funding to replace outdated punch card and lever systems in an effort to avoid repeating the Florida chad controversy that kept the 2000 presidential election in limbo for weeks.

Touch-screen machine glitches caused some problems in the Nov. 4 elections. In Virginia, the Fairfax County Republican Committee filed a suit Nov. 4 challenging the validity of some votes after several malfunctioning machines were taken away from polling places for repairs while the election was under way.

Nine machines were taken out of their polling places, repaired and returned, said Judy Flaig, Fairfax County election manager. "No votes were lost," she said.

Eddie Page, chair of the county Republican group, said the challenge wasn't about the technology. "Voting machines were removed from the ballot house," he said. "It has nothing to do with the hardware at this point." Advanced Voting Solutions Inc. of Frisco, Texas, made the machines.

However, critics of the electronic systems say that voters using them have no way to verify that their votes are being recorded and counted accurately.

In addition, some computer scientists believe that at least one company's software contains security flaws that could allow vote tampering, based on research led by Aviel Rubin, an associate professor of computer science and technical director of the Johns Hopkins University Information Security Institute in Baltimore.

Officials at the company, Diebold Inc. subsidiary Diebold Election Systems, dispute those claims and say the scientists used an early version of the code and made faulty assumptions about election procedures. Diebold officials, however, did not respond to repeated requests for interviews.

The legislation, called the Voter Confidence and Increased Accessibility Act of 2003, introduced by Rep. Rush Holt (D-N.J.) in May, would require that the machines, generically called direct recording electronic (DRE) machines, print out a paper record of each vote so the voter can make sure it is correct. The printed ballot would be stored at the polling place and used if a manual recount or an audit of the results is needed.

Although the bill has attracted 61 cosponsors — all Democrats — it is still in the House Administration Committee. The bill has yet to attract any Republican support, according to Holt's staff.

"HAVA is fueling a rush by some states to buy computerized voting machines that have serious defects," Holt said in a statement. "Unless Congress acts to pass legislation that would ensure that all computerized voting machines have a paper record that voters can verify when they cast their ballots, voters and election officials will have no way of knowing if the machines are counting votes properly."

Paper records introduce their own problems, Flaig said. "The problem we have is who verifies the voter?" she said. Voters who wanted to create chaos could falsely claim the paper record did not accurately reflect their votes. "And we couldn't prove it at all," she said. "At some point, you've got to trust the system."

Holt introduced his bill as concern over so-called black box voting was building. In July, the Johns Hopkins team fanned the flames with the results of their analysis of Diebold AccuVote-TS code, obtained from an unofficial Web site. Maryland officials, who were close to finalizing a $55 million purchase of machines to use statewide, asked Science Applications International Corp. to perform a second analysis.

SAIC officials confirmed that the Hopkins researchers had analyzed the code properly, but said that many of the risks could be avoided or minimized by not connecting the machines to a network and by implementing security protocols and processes for election officials and poll workers.

SAIC's report, dated Sept. 2, echoed Diebold's criticism. "While many of the statements made by Mr. Rubin were technically correct, it is clear that Mr. Rubin did not have a complete understanding of the state of Maryland's implementation of the system and the election process controls or environment, [which] reduce or eliminate many of the vulnerabilities identified in the Rubin report," the SAIC report states.

Ultimately, Maryland officials completed the purchase, accepting 12 of SAIC's 17 recommendations. Diebold officials agreed to make three software changes to increase security but only for machines sold in Maryland.

The recommendations included steps to make the machines more secure and to raise the awareness of election officials. State officials agreed, among other things, to bring the system into compliance with the state's Information Security Policy, to implement a formal and documented system security plan, to change default passwords printed in Diebold's documentation and to review any changes to the system through a formal risk assessment process.

The Hopkins team suggested that unscrupulous voters or poll workers could forge the smart cards that citizens use to cast their votes, thereby allowing multiple votes. The team also reported that if election results were transmitted via the Internet from polling places to a central office, they could be intercepted and altered en route.

In addition, someone within Diebold could add malicious code to the system that would open a door for exploitation on election day, they said.

Diebold officials, in a written rebuttal to the report, disputed all of those assertions.

"There are some [issues] that could be solved relatively easily, some that would take a lot of effort and some that we don't think are solvable," Rubin said. "A lot of things that they need to fix, they don't have the talent for."

Unlike the Hopkins team, the SAIC researchers examined the machines themselves, said Benjamin Haddad, SAIC's senior vice president. "It was an analysis of the Maryland systems. They have the Johns Hopkins report available to them, but the analysis was of the machines," he said.

Although the SAIC researchers agreed that many of the fears the Hopkins team raised were unlikely to threaten a real election's integrity, they did not give the system a pass and emphasized the need for meticulous security safeguards.

"The system, as implemented in policy, procedure and technology, is at high risk of compromise," the report said.

The debate is a healthy one for the electronic voting industry, said Aldo Tesi, president and chief executive officer of Election Systems & Software Inc., a Diebold competitor in Omaha, Neb. However, he said, election procedures and the realities of the polling place do contribute to the integrity of the process.

"What we've had to do is educate those who are not so close to our products about the features that are already in there, and the procedures that must surround those features," said Ken Carbullido, ES&S' vice president of software engineering. "There is so much in there that the public doesn't know behind the scenes that makes it much more secure than people realize."

Many critics of DRE machines argue that until the security of the systems can be established beyond doubt, paper records should be mandatory. "It ought not be up to people like the Johns Hopkins guys to prove the equipment is insecure," said David Dill, professor of computer science at Stanford University. "The vendors should be made to prove they are secure."

Dan Wallach, assistant professor of computer science at Rice University and one of Rubin's team members, said poll workers and local election officials should not be required to prove the system is working because they are not technology experts

In Maryland, for example, Diebold officials agreed to change the system to encrypt the electronic transmission of election results and provide personal identification numbers for election officials so the system can log the identities of those accessing it.

The state also will establish a formal process for the review of audit trails and provide information security awareness and training for people who have access to the systems.

"The state of Maryland is requiring very, very small changes to Diebold's source code and putting all the onus on poll workers, which is very, very difficult and is not good enough," Wallach said.

Kim Zetter, a reporter for Wired News who has been following the issue, tested the notion that trained poll workers are the real defense against fraud during the October recall election in California. Observing a training session in Alameda County, she found apparent lapses in procedures, she said.

"The registrar of voters of Alameda County assured me that despite what was raised in that report, Alameda County was safe because they had procedures in place that would prevent" any problems, Zetter said.

"I was a bit amazed at not only the lack of security, but also their cavalier attitude about the lack of security," she said. "It didn't seem to register with them the things I raised to them. They didn't ask for my ID. They never asked anyone for ID."

Poll workers get keys to the machines and the buildings they are stored in several days before the election, Zetter said. The same key will open all the machines in the voting precinct — and possibly the whole county — giving any one person access to multiple machines, she said.

"No one seems to be addressing security issues because they don't expect anybody to do anything," Zetter said.

Some DRE critics point to optical scan devices as a better computer technology, because the voter fills out a paper ballot that the scanner then reads. Such systems combine the benefits of rapid and accurate vote tallying with the security of a paper audit trail to check in case of a dispute, they say.

Tesi said ES&S would be willing to add a paper record capability to its touch-screen machines if buyers want it.

Skepticism about the machines hurts the election process, Flaig said. "It's gotten to the point now, after Florida, where everybody who loses a race wants to go to the courts and find a way to change it," she said. "Nobody loses anymore because they didn't get as many votes. It's always because somebody tampered with something. Maybe the other candidate had a better message."

"I think we need an election system that doesn't depend on the technology," Dill said. "You can't make an ordinary computer secure enough to deal with voting without a backup system. Voting is a hard problem. People want to steal elections. Elections are a matter of national security. I don't think it's really doable right now."

http://www.fcw.com/fcw/articles/2003/1110/pol-evote-11-10-03.asp

 

More...

Lots of links on the page

http://www.eff.org/Legal/ISP_liability/OPG_v_Diebold/20031114_eff_pr.php

For Immediate Release: Friday, November 14, 2003
Court Hearing on Electronic Voting Company's Threats Against Critics
Diebold Suppressing Evidence of Voting Machine Flaws
Electronic Frontier Foundation Media Release
San Jose, CA - Two student activists and an Internet Service Provider (ISP) will ask a federal district court judge on Monday to stop the ongoing legal harassment of them and others in a case involving disclosure of flaws in electronic voting machines. The nonprofit ISP Online Policy Group (OPG) and two Swarthmore college students seek to prevent electronic voting machine manufacturer Diebold Systems, Inc., from issuing further legal threats against ISPs in an attempt to squelch publication of the embarrassing information.

Date: Monday, November 17, 2003

Time: 9:00am PST (press conference in front of courthouse after hearing)

Location: Federal Courthouse, 280 South 1st Street, San Jose, CA 95113 (near W. San Carlos St.)

Courtroom: Judge Jeremy Fogel, Courtroom 3, 5th Floor

Case: Online Policy Group v. Diebold (Case Number C-03-04913JF)

Diebold has threatened a dozen or more ISPs who host websites that publish or link to an email archive that includes emails from Diebold staff confirming flaws in Diebold voting machines and difficulties certifying the systems for actual elections.

The Electronic Frontier Foundation (EFF) and the Center for Internet and Society Cyberlaw Clinic at Stanford Law School are providing legal representation to the ISP OPG and two Swarthmore students, Nelson Pavlosky and Luke Smith, in this important case to prevent abusive copyright claims from silencing public debate about voting, the very foundation of our democratic process.

"We are pleased that the court has recognized the urgency of our case against Diebold with an expedited schedule," said EFF Staff Attorney Wendy Seltzer. "Diebold must not be permitted to use unfounded copyright claims to stifle public debate over the accuracy of electronic voting machines."

Diebold threatened not only the ISPs of direct publishers of the corporate documents, but also the ISPs of those who merely publish links to the documents. The ISP OPG refused to comply with Diebold's demand that it prohibit Independent Media Network (IndyMedia) from linking to Diebold documents.

"As an ISP committed to free speech, we are affirming our users' right to link to information that's critical to the debate on the reliability of electronic voting machines," said OPG's Colocation Director David Weekly. "The court now has the opportunity to defend free speech by helping protect small publishers and ISPs from frivolous legal threats by large corporations."

"Instead of paying lawyers to threaten its critics, Diebold should invest in creating electronic voting machines that include voter-verified paper ballots and other security protections," said EFF Legal Director Cindy Cohn.

 

I heard a fascinating special on NPR when I was driving from Austin to Houston two Sundays ago. It was part of a series called "Whose Democracy Is It?" and was produced by Minnesota Public Radio.

One of the segments goes into detail about some of the problems with electronic voting...

http://www.americanradioworks.org/features/voting/a1.html

Check out the whole project...it's definitely worth a look and a listen.


http://news.mpr.org/collections/special/2003/democracy/

 

More... Again, why is it that no Republican has signed on as a cosponsor of Holt's bill? You vote, the machine gives you a printout, you certify it and put it in a box. Why is this a partisan issue?
_________
Hack the Vote
By PAUL KRUGMAN

Inviting Bush supporters to a fund-raiser, the host wrote, "I am committed to helping Ohio deliver its electoral votes to the president next year." No surprise there. But Walden O'Dell — who says that he wasn't talking about his business operations — happens to be the chief executive of Diebold Inc., whose touch-screen voting machines are in increasingly widespread use across the United States.

For example, Georgia — where Republicans scored spectacular upset victories in the 2002 midterm elections — relies exclusively on Diebold machines. To be clear, though there were many anomalies in that 2002 vote, there is no evidence that the machines miscounted. But there is also no evidence that the machines counted correctly. You see, Diebold machines leave no paper trail.

Representative Rush Holt of New Jersey, who has introduced a bill requiring that digital voting machines leave a paper trail and that their software be available for public inspection, is occasionally told that systems lacking these safeguards haven't caused problems. "How do you know?" he asks.

What we do know about Diebold does not inspire confidence. The details are technical, but they add up to a picture of a company that was, at the very least, extremely sloppy about security, and may have been trying to cover up product defects.

Early this year Bev Harris, who is writing a book on voting machines, found Diebold software — which the company refuses to make available for public inspection, on the grounds that it's proprietary — on an unprotected server, where anyone could download it. (The software was in a folder titled "rob-Georgia.zip.") The server was used by employees of Diebold Election Systems to update software on its machines. This in itself was an incredible breach of security, offering someone who wanted to hack into the machines both the information and the opportunity to do so.

An analysis of Diebold software by researchers at Johns Hopkins and Rice Universities found it both unreliable and subject to abuse. A later report commissioned by the state of Maryland apparently reached similar conclusions. (It's hard to be sure because the state released only a heavily redacted version.)

Meanwhile, leaked internal Diebold e-mail suggests that corporate officials knew their system was flawed, and circumvented tests that would have revealed these problems. The company hasn't contested the authenticity of these documents; instead, it has engaged in legal actions to prevent their dissemination.

Why isn't this front-page news? In October, a British newspaper, The Independent, ran a hair-raising investigative report on U.S. touch-screen voting. But while the mainstream press has reported the basics, the Diebold affair has been treated as a technology or business story — not as a potential political scandal.

This diffidence recalls the treatment of other voting issues, like the Florida "felon purge" that inappropriately prevented many citizens from voting in the 2000 presidential election. The attitude seems to be that questions about the integrity of vote counts are divisive at best, paranoid at worst. Even reform advocates like Mr. Holt make a point of dissociating themselves from "conspiracy theories." Instead, they focus on legislation to prevent future abuses.

But there's nothing paranoid about suggesting that political operatives, given the opportunity, might engage in dirty tricks. Indeed, given the intensity of partisanship these days, one suspects that small dirty tricks are common. For example, Orrin Hatch, the chairman of the Senate Judiciary Committee, recently announced that one of his aides had improperly accessed sensitive Democratic computer files that were leaked to the press.

This admission — contradicting an earlier declaration by Senator Hatch that his staff had been cleared of culpability — came on the same day that the Senate police announced that they were hiring a counterespionage expert to investigate the theft. Republican members of the committee have demanded that the expert investigate only how those specific documents were leaked, not whether any other breaches took place. I wonder why.

The point is that you don't have to believe in a central conspiracy to worry that partisans will take advantage of an insecure, unverifiable voting system to manipulate election results. Why expose them to temptation?

I'll discuss what to do in a future column. But let's be clear: the credibility of U.S. democracy may be at stake.

 

...
__________
Diebold drops e-voting lawsuit
Associated Press


In a major victory for free speech enthusiasts on the Internet, Diebold Inc. has agreed not to sue voting rights advocates who publish leaked documents about the alleged security breaches of electronic voting.

A DIEBOLD SPOKESMAN promised in a conference call Monday with U.S. District Judge Jeremy Fogel and attorneys from the Electronic Frontier Foundation that it would not sue dozens of students, computer scientists and ISP operators who received cease-and-desist letters from August to October.
Diebold also promised not to file lawsuits against two Swarthmore College students and a San Francisco-based Internet service provider for copyright infringement, according to a motion that company attorneys filed Nov. 24 in San Jose's federal court.

Diebold did not disclose specifics on why it had dropped its legal case, but the decision is a major reversal of the company's previous strategy. North Canton, Ohio-based Diebold, which controls more than 50,000 touch-screen voting machines nationwide, had threatened legal action against dozens of individuals who refused to remove links to its stolen data.

"This is a huge victory that shows we have weapons on our side to protect free speech from overbearing copyright laws so that the Internet remains a forum for public discussion," said EFF staff attorney Wendy Seltzer. "We're trying to hammer home that you can't go around making idle threats that aren't backed up by the law."

Diebold spokesman David Bear emphasized Monday that while the company had dropped its case, it will continue to monitor the online proliferation of the leaked documents, and may file lawsuits against others who publish the data.

"We certainly reserve our right to protect our proprietary information in future cases," Bear said.

Diebold's battle began in March, when a hacker broke into the company's servers using an employee's ID number, and copied a 1.8-gigabyte file of company announcements, software bulletins and internal e-mails dating to January 1999.

The vast majority of the file included banal employee e-mails, software manuals and old voter record files. But several items raise security concerns about electronic voting that voting rights advocates have been trying to publicize for more than a year.


In one series of e-mails, a senior engineer dismissed concern from a lower-level programmer who questioned why Diebold lacked certification for the operating system in touch-screen voting machines. The Federal Election Commission requires such software to be certified by independent researchers.

In another e-mail, an executive scolded programmers for leaving software files on an Internet site without password protection.

In August, the hacker e-mailed data to voting activists, who published the information on their Web logs. Wired News published an online story. The documents have been widely circulated.

Seltzer said free speech advocates should hail Diebold's promise not to sue, but she warned that numerous individuals have already removed the offending material from Web sites.

EFF plans to continue with its case against Diebold, arguing under the Digital Millennium Copyright Act that Diebold must pay damages for intimidating Internet service providers. The hearing is scheduled for Feb. 9.

"The implicit threat was, 'If you don't take this material down, we might sue,"' Seltzer said. "Without them ever needing to file a federal complaint, they got these documents taken down from a huge number of sites. It was a chill on free speech that stopped discussion of electronic voting issues without ever getting before a judge."

 

What we fail to remember is that

1) the Democrats lost in 2000,
2) cried foul (and still are)
3) and Democrats began demanding voting reform, and screamed that electronic devices be used.

Problem is the majority of democrats all work union labor jobs, and republicans out number democrats in high-tech jobs... and oooops if that means the republicans own the companies that make the high-tech voting machines, then the democrats cry foul again.

So, tell us then... Which way would you rather lose the election?

By hand count or by computer?

Once again, the democrats cry foul on both sides of the issue.

 

Even using your logic, do you not see that there might be, just maybe, one or two Dems knowledgeable enough about "high-tech" stuff to rig the machines to cheat Republicans? And do you really value party over democracy?

Also, the majority of labor union job holders may vote for a Democrat, but the majority of Dems do not hold union affiliation. I'll assume your statement to the contrary was an honest mistake and not indicative of the ignorance of individuals that has led to unfair caricatures of all Republicans.

 

My guess would be that Diebold dropped the suits in an effort to draw as little attention as possible to themselves and this incredible possibility of fraud they are doing so little to prevent. I hope now that the cat is out of the bag that something will be done about it... and printing a copy of your vote to tabulate and insure an honest election is the least we can hope for. Trying to make this a partisan issue is disingenuous and absurd, in my opinion, and as likely to bite the party who enables it as much as help. The truth comes out, sooner or later.

 

Really, is 99% or 99.1% better for the loser to find out they've lost?

The point is... hand counting and manual machines WERE working.

As for the democracy vs. party thing... give me a break.

And don't twist my words to mean countless other things... oh, I forgot, that's what all of the left side does. (Like the generalization here? Because this time I meant it.)

Taking things so "chip on the shoulder" and "feelings on the sleeve" is what makes your overreaction to action on behalf of your overreactions so noticable.

Face it. Democrats cried foul. Republican run companies address the problem, fairly... and Democrats cried foul. I responded likewise to your crying foul, and you still cried foul.

You union affilliate, you.

<-------- that's my ignorant W smile to humor you "reasonable, down-to-earth, reality driven folks."

 

I think we should strive for as close to 100% as possible. The problem is not in ordinary races where it's say, 54%-46%. The problem is in those tight ones where it's 50%-50%.

I agree. So why are Republicans opposed to having a printout that can be manually counted if something goes wrong with the electronics or if a recount is needed?

Reread your post. I twisted nothing. Perhaps you could be more clear in the future.

Irony: See above.

The issue is not really ownership of the companies, but how those companies are run. Should source code for voting machines be proprietary? I think it should be open. Should problems with the machines and software be covered up? I think they should be known to all Americans. Should a Republican Senator and a avid Republican supporter run the companies? I don't care if they own them (Though there are some ethical issues with Hagel), but they should set it up so that even the appearance of influence on the day-to-day operations is minimalized.

And it is by no means certain that Republican run companies have addressed the problem fairly. In fact, competently is still in question.